How to add DNS filtering to your NAT instance with Squid Sept. 5, 2019, 11:36 a.m.

In this post, I discuss and give an example of how to use Squid, a leading open-source proxy, to implement a “transparent proxy” that can restrict both HTTP and HTTPS outbound traffic to a given set of Internet domains, while being fully transparent for instances in the private subnet.

tutorial aws networking squid

Creating Custom Secure LDAP Certificates for Domain Controllers with Auto Renewal Sept. 4, 2019, 12:15 p.m.

The primary reason for enabling this functionality is to allow third-party applications that aren’t capable of performing secure binds or encrypted LDAP sessions (over TCP 389) to connect securely.

active directory security windows

Identifying Clear Text LDAP binds to your DC’s Sept. 4, 2019, 12:15 p.m.

The core of the issue is this: when an application performs a simple LDAP bind, the username and password are transmitted in clear text in the very first packet. The DC doesn't even have a chance to prevent this exposure from occurring. If this connection is not encrypted at a lower layer such as TLS or IPSec, it may be intercepted and a bad day may soon follow.

active directory security windows ldap

Automatic Updates Aug. 29, 2019, 5:23 p.m.

The unattended-upgrades package can be used to automatically install updated packages, and can be configured to update all packages or just install security updates. To configure unattended-upgrades, edit /etc/apt/apt.conf.d/50unattended-upgrades. To enable automatic updates, edit /etc/apt/apt.conf.d/20auto-upgrades.

documentation sysadmin ubuntu

Logging Cheat-Sheets Aug. 29, 2019, 5:21 p.m.

In looking into compromised systems, often what is needed by incident responders and investigators is not enabled or configured when it comes to logging. To help get system logs properly enabled and configured, below are some cheat sheets to help you do logging well, so that the data we all need is there when we look.

documentation sysadmin tips

Windows Time Service Tools and Settings Aug. 29, 2019, 5:20 p.m.

Tools and settings for the Windows Time service.

windows

UniFi Controller API Aug. 16, 2019, 9:23 p.m.

Documentation of API endpoints on the UniFi controller software. This is a reverse engineering project that is based on browser captures, jar dumps, and reviewing other software that has been written to work with the controller. It's received minimal testing.

ubiquiti documentation api

Why does each drive have its own current directory? July 16, 2019, 3:41 p.m.

Remembering the current directory for each drive has been preserved ever since DOS 1.0, although there isn’t actually such a concept as a per-drive current directory in Win32. The appearance that each drive has its own current directory is a fake-out by cmd.exe which uses environment variables to create the illusion to batch files that each drive has its own current directory.

windows

Installing and Configuring OpenSSH on Windows Server 2019 June 11, 2019, 12:16 p.m.

Windows Server 2019 and the most recent version of Windows 10 include the ability to install both an SSH client and an SSH server. To get an SSH client onto Windows 10 or Windows Server 2019, without using 3rd party software or installing Windows Subsystem for Linux, use the PowerShell command:

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

windows windows server 2019 ssh

AWS Systems Manager Automation June 7, 2019, 9:25 a.m.

Systems Manager Automation simplifies common maintenance and deployment tasks of Amazon EC2 instances and other AWS resources. Automation enables you to do the following.

  • Build Automation workflows to configure and manage instances and AWS resources.
  • Create custom workflows or use pre-defined workflows maintained by AWS.
  • Receive notifications about Automation tasks and workflows by using Amazon CloudWatch Events.
  • Monitor Automation progress and execution details by using the Amazon EC2 or the AWS Systems Manager console.

automation aws

PSWindowsUpdate June 7, 2019, 9:24 a.m.

This is a fork of Michal Gajda's PSWindowsUpdate PowerShell module. The original module can be found on the PowerShell Gallery.

windows github powershell

Windows Update Agent API June 7, 2019, 9:23 a.m.

The Windows Update Agent (WUA) API is a set of COM interfaces that enable system administrators and programmers to access Windows Update and Windows Server Update Services (WSUS). Scripts and programs can be written to examine which updates are currently available for a computer, and then you can install or uninstall updates.

windows scripting

How to access both subnets (dual NIC) on Ubuntu server from third subnet? May 8, 2019, 10:31 a.m.

If the router is filtering too, Ubuntu has to be aware of the gateway's existence for both interfaces and use table and rule settings for a correct routing.

linux networking homelab

Two Default Gateways on One System May 8, 2019, 10:29 a.m.

Normally, a Linux system only has one routing table, in which only one default gateway can make entries. With iproute2, you have the ability to set up an additional routing table, for one thing, and allow this table to be used by the system based on rules, for another.

linux networking homelab

Ubiquiti EdgeRouter Lite SOHO Network Design April 20, 2019, 9:06 p.m.

This project describes the Ubiquiti EdgeRouter Lite (and EdgeRouter 4), EdgeSwitch 24 and UniFi Access Point network design for a SOHO (Small Office/Home Office) network.

ubiquiti networking

A Treatise on Group Policy Troubleshooting–now with GPSVC Log Analysis! April 10, 2019, 3:09 p.m.

This guide outlines basic steps used to troubleshoot Group Policy application errors using the Group Policy Service Debug logs (gpsvc.log).

Enable by setting HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics\GPSvcDebugLevel REG_DWORD to 30002 (hex), and ensure %windir%\debug\usermode exists. The gpsvc.log log will be created in this directory when updating group policy (e.g. gpupdate /force).

windows troubleshooting group policy

How Healthy is your LAPS Environment? April 6, 2019, 3:41 p.m.

LAPS is easy to deploy and works great. The challenge comes in knowing if it’s actually working. How do you know if your machines have ever set the password? Or maybe they set it once and haven’t updated it since, even though it’s past the designated expiration date? It’s definitely worth monitoring to ensure that your machines are operating as expected. Jiri Formacek (the creator of LAPS) threw together a small PowerShell script to provide that capability.

windows active directory security

Newbie at bash scripting? Here's some advice. April 5, 2019, 11:43 a.m.

Bash is powerful, it is super permissive, and because of that, it is extremely easy to do something stupid with it. This blogpost is more about good conventions in bash, not its syntax or how to do basic stuff with it.

bash shell

How to do things safely in bash April 5, 2019, 11:42 a.m.

Like programming in C or driving a car, contemporary shellscript languages require some knowledge and discipline to use safely, but that's not to say it can't be done. This guide is here to show that in bash, it can be done. Specifically, those systematic bugs that the language encourages can be eliminated by disciplines that are outlined here. Realize that Bash is not a language where the correct way to do something is also the easiest.

bash shell

The Bash Hackers Wiki April 5, 2019, 11:41 a.m.

This wiki is intended to provide human-readable documentation and information so users aren't forced to read every bit of the Bash manpage - which can be difficult to understand.

bash shell